Have allow all traffic for 2 IP addresses. Have logging on and marked the rule LOG ALWAYS and never see any recorded events in the log.I know there is traffic to these addresses.
Have 2 rules to allow all traffic to 2 specific IP addresses.Below that, rule to BLock all SIP traffic.When I enaable the Block SIP rule, it blocks the 2 specific IP addresses (SIP) also.Thought the rules applied in top down order?
Chris,Thanks for the help but having no rule is how the sip traffic was hacked. We have other outside ips into this router without a rule to allow so i'm not sure block is the default.jeff
Jeffrey.Thanks for looking into this. We get the logs in good order except that ALLOW traffic is not in the log. All the DENY traffic and a large amount of debug information IS in the log and visible.ThanksJeff